Terminal Server - access internal but not external for one user

Last Modified: 2013-11-21
Is there a way with Windows 2003 Terminal Services to allow a user to login from the LAN but not remotely (over the Internet) on the same Terminal Server?

Commented:
Describe the way he is reaching the Terminal Server from the Internet.

Author

Commented:
By using RDP.

Commented:
RDP is the TS client.
I am asking how the RDP client accesses your LAN from the Internet. Do the clients use a VPN, do you publish the Terminal Services, or is it some other way? Be specific.

Author

Commented:
I know RDP is a client. They have the RDP client on their desktop and they click on it. It has the IP address of the Terminal Server. They do not have VPN.
Irwin W. There are a 1000 ways to skin the technology cat.
CERTIFIED EXPERT

Commented:
If you do not have a VPN or you're not forwarding port 3389 from your firewall to the Terminal server, it CANNOT be accessed from the internet.
Cláudio Rodrigues, Founder and CEO
CERTIFIED EXPERT

Commented:
Do they use the exact same computer to do this?
Look for SecureRDP4.exe on Google. This tool is freeware and we wrote it a long time ago. It filters RDP connections.
Another thing to keep in mind is the RDS SDK has functions that return for example the client LOCAL IP address. I can bet the one returned when he is on the LAN is NOT the same as when he is somewhere else. In this case a simple script would be able to retrieve the IP and if it does NOT match the LAN IP addressing scheme you simply kick him off using TSLOGOFF.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
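
A sketch of the script approach described in the answer above, as an added example that is not part of the original thread or the poster's own code: run as a logon script, it reads the client-reported address through `WTSQuerySessionInformation` and logs the session off when one named user connects from outside the LAN range. The user name and subnet are placeholders, PowerShell 2.0 or later on the Terminal Server is assumed, and it calls the built-in `logoff` command where the answer mentions TSLOGOFF.

```powershell
# Assumed values: replace with the real account and LAN subnet.
$RestrictedUser = 'jsmith'        # hypothetical account to restrict
$LanNetwork     = '192.168.10.0'  # hypothetical LAN subnet
$LanPrefixLen   = 24

Add-Type -Namespace Wts -Name Native -MemberDefinition @'
[DllImport("wtsapi32.dll", EntryPoint = "WTSQuerySessionInformationW", SetLastError = true)]
public static extern bool WTSQuerySessionInformation(
    IntPtr hServer, int sessionId, int infoClass, out IntPtr buffer, out int bytesReturned);
[DllImport("wtsapi32.dll")]
public static extern void WTSFreeMemory(IntPtr memory);
'@

function Get-RdpClientAddress {
    $buf = [IntPtr]::Zero; $len = 0
    # IntPtr.Zero = this server, -1 = current session, 14 = WTSClientAddress
    if (-not [Wts.Native]::WTSQuerySessionInformation([IntPtr]::Zero, -1, 14, [ref]$buf, [ref]$len)) {
        return $null
    }
    try {
        # WTS_CLIENT_ADDRESS = DWORD AddressFamily + BYTE Address[20]; for AF_INET (2)
        # the IPv4 octets are Address[2..5], i.e. offsets 6..9 in the buffer.
        if ([Runtime.InteropServices.Marshal]::ReadInt32($buf) -ne 2) { return $null }
        $octets = 6..9 | ForEach-Object { [Runtime.InteropServices.Marshal]::ReadByte($buf, $_) }
        return [Net.IPAddress]::Parse($octets -join '.')
    } finally { [Wts.Native]::WTSFreeMemory($buf) }
}

function Test-InSubnet([Net.IPAddress]$Ip, [string]$Network, [int]$PrefixLen) {
    # Arithmetic instead of bit operators, so this also runs on PowerShell 2.0.
    $toNum = { param($b) [double]$b[0] * 16777216 + [double]$b[1] * 65536 + [double]$b[2] * 256 + $b[3] }
    $size  = [math]::Pow(2, 32 - $PrefixLen)          # addresses per subnet
    $ipBytes  = $Ip.GetAddressBytes()
    $netBytes = ([Net.IPAddress]::Parse($Network)).GetAddressBytes()
    return [math]::Floor((& $toNum $ipBytes) / $size) -eq [math]::Floor((& $toNum $netBytes) / $size)
}

# Only the named user, and only in RDP sessions (the console has no client address).
if ($env:USERNAME -ieq $RestrictedUser -and $env:SESSIONNAME -like 'RDP-*') {
    $client = Get-RdpClientAddress
    # Fail closed: no usable IPv4 address counts as "not on the LAN".
    if (-not $client -or -not (Test-InSubnet $client $LanNetwork $LanPrefixLen)) {
        logoff.exe   # ends the current session
    }
}
```

The address checked here is the one the client reports for its own network adapter, so a remote network that happens to use the same private range as the LAN passes the check.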

Author

Commented:
Claudio,

Thanks for the lead for SecureRDP4. I'm always glad to see you responding - you've always been very helpful in the past.  Does SecureRDP4 restrict by user? I looked at it and it didn't seem to restrict by name. Also the user internally gets DHCP so there is regular IP that I can filter negatively/positively. Same would be the case when they are away from the office probably.  I guess one way would be to give this fellow a static IP internally?
Irwin W. There are a 1000 ways to skin the technology cat.
CERTIFIED EXPERT

Commented:
I don't see the need for any other products. If your users do not have VPN access or if your Terminal server does not have a public IP or if you are not port forwarding the RDP port, there is NO way that external access is available to the Terminal server.

Author

Commented:
Claudio,

Thanks for the info. I will give it a shot.
